Month: August 2013

The topic of hiring reformed Black Hats continues to be a matter of debate. Some believe that ‘You’re shooting yourself in the foot if you’re not willing to hire a hacker’ while others believe such an idea is preposterous because it is not possible to reform any person who has been convicted. Others may believe it simply doesn’t look good to hire convicted felons and dismiss the thought. Unfortunately it isn’t possible to do that in the US and the continuing attitude toward convicted felons must change.

On April 25, 2012, the Equal Employment Opportunity Commission (EEOC) released new enforcement guidance regarding the Consideration of Arrest and Conviction Records in Employment Decisions. In summary, the enforcement guidance prohibits blanket policies against hiring convicted felons. Security professionals should speak to HR, Legal, and other stakeholders to determine the proper processes for applicants. If two candidates with similar qualifications apply, an employer cannot simply choose to not hire the felon.

Employers must now take a variety of factors into consideration, such as age at time of conviction, employment history, number of offenses for which there is a conviction, rehabilitation efforts, and other criteria. This creates a layer of complexity in screening applicants. Businesses are starting to reconsider the importance, and more importantly, the liability associated with pre-employment background screening. Risk-averse organizations may choose to forgo criminal background screening since one defense against a discrimination claim is that the applicant’s background was never checked. The risk of an applicant alleging discrimination is also why many legal and compliance professionals recommend against social media reviews. If you do not know an applicant’s religious or other affiliation, it is easier to defend against a discrimination claim.

One aspect to consider is whether or not the candidate is a good fit for the organization. Personality and demonstrable skills are becoming more important than degrees and other factors. Should we consider arrest and conviction history among those other factors? Security professionals are conditioned to believe that everyone must be squeaky clean. In terms of stakeholder management this attitude does not always bring shareholder value and may be at odds with the strategic direction of the business.

The organization’s Corporate Social Responsibility (CSR) policy or Compliance & Ethics Program may require that the organization hire convicted felons as a means of helping them rejoin society. Such policies can also help reduce recidivism. The CFO may become involved in the discussion as well. The US Department of Labor Work Opportunity Tax Credit can save the company $1600-$9600 depending on the employee hired. Maximizing tax efficiency is one thing that finance and accounting professionals do. There can be a financial case for hiring convicted felons, especially in the information security discipline.

The topic of hiring reformed Black Hats is controversial, but when the complex legal requirements are considered, the possibility of government sanctions makes the idea of hiring Black Hats worth considering. Information Security professionals can take part in the strategic direction of an organization by working with HR, Compliance & Ethics, and Finance to enhance the organization’s overall goals. We have attempted to end discrimination based on a person’s skin color. The color of the hat they wear is something we should also add to the list.

“It doesn’t matter whether it’s a white cat or a black, I think; a cat that catches mice is a good cat.” — Comrade Deng Xiaoping

Accenture is interested in buying Booz & Co., a spin out from Booz Allen Hamilton. Someone became a little jumpy and decided to buy shares of Booz Allen Hamilton thinking they were getting access to Booz & Co. For a company that has leaks there is enough interest to continue our hypothesis that hacking or leaking does not value of a company.

At first glance it looked like $BAH would never get another government contract. But now $BAH is up 30% from when it was revealed that Edward Snowden worked for them. They are unlikely to be “leaked out of business” by Snowden’s actions. This adds to the historical evidence that companies do not go out of business if IP is leaked or stolen. It appears that the cliché that any publicity is good publicity is at work.